HTTP Proxies

In my previous article, I introduced some of the benefits to be gained by using a proxy. In today's article, I'd like to concentrate on HTTP proxies. We'll take a look
at some of the HTTP proxies available in the ports collection and which proxies
are suited for which needs.

If you have any familiarity with HTTP proxies, your first thought is
probably Squid, the excellent HTTP
proxy. Since there are already many fine articles and tutorials on using and
configuring Squid, I won't cover that product in this series. For those that
are disappointed, I'll give you with a few URLs:

Squid is an example of a very configurable HTTP proxy that can scale into
very large networks. This is great if you are an administrator of a very large
network, but overkill if you simply want to surf safely from your FreeBSD box
or enforce a policy on a small home network. Thinking as a user, what are some
of the irritants that go along with web browsing? The following quickly come
to mind:

Depending upon the web browser you use, some of these irritants can be dealt
with directly. Others require you to install additional proxy software. Let's
start by taking a look at some common browsers, then move onto complementary
proxies.

Web Browser Features

As of this writing, these are the latest (non-forbidden) versions of three
popular web browsers:

mozilla-1.3_1,2

opera-6.12

linux-netscape-navigator-4.8

Keep in mind that new features are added with new versions, so features that
are missing now may appear in later versions. Also, every web browser has a
"Preferences" section, so if your browser isn't listed here, check it out to
see what features are available.

For these browsers, the Preferences section is found under the Edit menu of
Netscape and Mozilla, and under the File menu of Opera. You'll find a big
difference in the amount of Preferences available between Netscape and Mozilla
or Opera. This is because this is an older version of Netscape.

All three browsers have an appropriately named setting that allows you to
deal with cookies. Each also allows you to enable or disable Java and
JavaScript. Finally, if you have a slow Internet connection and plenty of disk
space, you may find a speed improvement by tweaking each browser's cache
settings.

Dealing with popup windows is a newer feature, so it is not found in this
version of Netscape. In Opera, click on General to find the setting to disallow
popups. Mozilla takes this a step further by either disabling popups entirely
or on a site-by-site basis. To disable popups all together, go to Privacy &
Security->Popup Windows and read the warning on the ramifications.
Alternately, as you encounter a site with an irritating popup, simply
right-click the page and choose to "Reject popup windows from this site."

bfilter

Now, let's see what some of the applications in the ports collection can do
to augment the features already provided by your favorite web browser. I'll
start with bfilter.
This HTTP proxy not only controls popup windows, it also stops those annoying
flashing ads and promises to disable webbugs. To build this port, become the
superuser and:

# cd /usr/ports/net/bfilter
# make install clean

The port will install an application to /usr/local/bin/bfilter
and a configuration file to /usr/local/etc/bfilter/config. Once
the build is finished, leave the superuser account and type
bfilter in order to start the proxy. Then verify that the proxy is
listening for requests:

You'll note that bfilter listens on port 8080 on the loopback
address. If you read the comments in its configuration file, you'll see that
127.0.0.1 means to listen for HTTP requests on all interfaces. If you wish to
listen only on one interface, specify its IP address in the configuration
file.

bfilter is not a transparent proxy, meaning you will have to
configure your web browser to use the proxy. Go into the Preferences section of
your browser and you should find a setting that deals with Proxies. Type in the
IP address and port number used by bfilter. In my example,
bfilter is running on the same machine as my web browser, so I use
127.0.0.1 as the IP address and 8080 as the port number. If you are running
bfilter on a separate computer, change the IP address in its
configuration file to reflect the IP address of the NIC attached to your
internal network. Then set the browsers on the computers in your network to
use that IP address in their Proxies section of Preferences.

bfilter also has a rules file, found in
/usr/local/etc/bfilter/rules. However, I found that the default
rules worked flawlessly at catching popup windows and flashing ads. If you're
looking for an easy-to-use proxy that works out of the box,
bfilter is a very nice solution.

middleman

Another HTTP proxy I enjoy using is middleman.
Like bfilter, it works as is, but what makes this proxy
interesting are the additional features that provide an enticing way to learn
more about HTTP and what is happening behind the scenes every time you visit a
web site.

First, let's build the port:

# cd /usr/ports/www/middleman
# make install clean

Note that the name of the installed application will be
/usr/local/bin/mman. You also need to know the name of the
default configuration file in order to start the application. If you just type
mman, you'll receive the help file. Instead, use the
c or config-file switch to start the proxy:

# mman -c /usr/local/etc/mman.xml

I found that the proxy needs to be started as the superuser. Don't forget to
check the port mman is listening on and set the Proxies section of
your browser accordingly:

If you plan on using middleman, take the time to read
/usr/local/share/doc/middleman/README.html. This is the only
documentation on the product, but it is very thorough and full of interesting
ideas on how to use a proxy.

Although the default configuration will probably suit your needs, you should
check out the included web interface by typing mman into your
browser. This will allow you to view: